If you’re using a Mac and running the latest version of its operating system, you’re going to want to pay attention. It seems that Apple had a bug in their new operating system which allowed anyone that had physical access to a Mac admin access. Giving them full access to anything and everything on that computer.
The bug, discovered November 28th, was revealed on Twitter by Turkish software developer Lemi Orhan Ergin. He revealed that anyone can log into a Mac running MacOS High Sierra or adjust settings on that computer simply by logging in with the login name “root” (without quotations) and clicking enter, no password needed. The hack only works if the hacker is typing on the physical machine. It does not work remotely.
The bug only affects those running the newest OS, MacOS High Sierra. Apple put out a fix for the bug just less than one day after its discovery, which all High Sierra users should install immediately. To get the fix you must do the following:
Open up the App Store on your Mac.
In the App Store toolbar, click on updates.
Install any updates that are listed there.
If you aren’t sure which operating system you are running, click the apple icon in the upper left-hand corner of the screen, then click on “about this Mac”. This will show you the version number of the MacOS. The affected versions are 10.13 or 10.13.1.
Make sure you are installing the latest updates for all of your hardware, software, and operating systems. This keeps hackers from being able to take advantage of vulnerabilities. Be sure that these updates take place across the board. Have every computer in your organization update and make sure it gets done to avoid any breaches.
You want to keep out unsavory types and those meddling hackers, so encrypting your files is also an option. This way, even if they get ahold of your data, they can’t view it or alter it. Encrypting data that is being sent over the internet or to the cloud for storage is also a good idea. So even if the data or files get intercepted mid-stream, they are still unable to be read or changed.
Keep copies of your data separate from your original files. Whether online in the cloud or offline at a separate site from the original, always backup your data. It is best to have it backed up on the cloud and offline in another location. This way, if you are hacked or data gets lost, you will have a much better idea of what is missing and be able to get it back.
Cybersecurity is a big deal and a big job. But it is never foolproof. You must stay vigilant and uncompromising in your security measures. Don’t let hackers take what you’ve worked so hard to build.